A lot of people on TOR cry about js based onion sites. Can anyone show solid proof that JS will expose you?
If you are making a claim, you must be able to start an onion site and expose anyone who goes on it, if you can't and still shitposting, stfu and leave this board, you don't belong here.
Other urls found in this thread:
browserleaks.com
ipleak.net
chromium.org
digitaltrends.com
twitter.com
bump
>solid proof
JS is a class of fucking attacks
This is like asking for proof that cars are dangerous
> wonders why even non tor browsers warn against Javascript
> wants proof
There are some nasty things JS can do
>JS can get list of your fonts
mostly one in 10000
>HTML5 canvas fingerprint
one in 500000
>WebGL canvas fingerprint
one in 200000
>JS can scan your local network
>JS can identify your OS and architecture even when spoofed (with certain math operations)
However Tor Browser turns off many of these by default even for the lowest security setting. Many attacks against Tor were in times where there was no tor browser, through plugin system or weird behaviours like auto-opening pdf or other formats.
Beside facebook I haven't heard of any other website doing shit like fingerprinting your mouse movement, typing and how you browse the website in general. This might be just paranoia, but still JS-based.
Overall Tor is slow, bad JS can make website big and slow. The website keeps it light and mostly works with JS turned off, then why not.
really no other useful information than system time
ran it in my tor, not even in tails and it doesn't show jack shit.
>JS is a class of fucking attacks
js is the language of the browser engine.
it's like calling an exploit in a C language a C class of attacks. Just gtfo
THIS. Could not have said it better myself. Someone please pin this. Only exploits were browser exploits, had nothing to do with JS. Or if you were stupid enough to download lets say a docx file that had remote content.
Browsers nowdays are very secure. I would actually like to see a Chromium based TOR browser (chromium.org
Of course there's nothing to do with JS, but you shouldn't enable it if you don't want to be fingerprinted while using TOR.
Better safe than sorry. You need to prove it doesn't expose you, not the other way around.
It has happened with people using outdated tor browsers.
However, you're fine if you use a virtual machine like Whonix. Whonix is so fucking easy to setup that there is no reason not to use it.
Depends on what you browse over TOR. sometimes you might not care about being fingerprinted (they can only link the places you visited where they have fingerprinting in place to a single user), only care that your location stays anonymous.
actually it is the other way around. Needs to be proven that it isn't safe. That's how everything works. All software is safe unless it has a loophole. By your logic, TOR/Tails and everything else isn't safe because it is not really possible to proof 100% they are, since they could still have bugs that are not found.
I prefer tails to Whonix.
...
pic makes no sense
>he doesnt understand how a non audited binary script could be dangerous
back to the drawing board OP
Why is JS even standard now for websites? Why does every website need fucking JavaScript to display information.
What happened to HTML+CSS and (maybe PHP when necessary) ?
...
>All software is safe unless it has a loophole
Not when you're doing shady shit on the deepweb
>By your logic, TOR/Tails and everything else isn't safe
My point exactly. If it was, you wouldn't see hidden services repeatedly shutdown by the FBI and their owners arrested.
You can take steps to reduce your risk but never for a moment assume TOR or any privacy protecting software is 'safe'
OH NO NOT MY FONTS, HOW WILL I EVER RECOVER WHEN MY FONTS GET EXPOSED TO ALL THE WORLD.
>Thinking it's about the fonts
Meta Fail
>Someone please pin this.
go back to r*dd*t
who need JS ?
> blaming that on js
they are just brute forcing your router. don't put admin:password123 as your password and you'll be fine. i.e. don't be a fucking moron.
> not audited binary script
> relevant to js
did you even read?
html+css only sucks. and PHP is the worst language I have ever came across in my entire life. I rather write assembly code than PHP. It's fucking cancer.
> that pic
by that logic shut down all roads do not let anyone outside. That will reduce crime.
my bad gotten used to discord too much
Actually it is useful when you live under a dictatorship or you're a journalist in an oppressive country. So that pic is just omitting the good purposes Tor can be used for.
>TOR
It's Tor you mong
Everyone concerned with OPSec at any level really should operate on, as Schneier calls it, the conspiracy model
Nothing is safe and everyone is out to get you, you can't assume things for your own convenience
On a general basis though, I doubt that your average person would actually need to worry about that
I just block (some) JS that is completely useless to a site, eg doubleclick.net and the like
Also some that is necessary to the site, if the site itself is bloat incarnate (CNN.com)
The Onion Router i.e. TOR. just cause Tor is easier to write doesn't make it true you abomination of humanity.
Tor has to have time be perfectly synchronized. This means local time can be used in pinpointing user location. UTC or bust.
>brute forcing
>default password
Choose one
>people still don't know the difference between LARP and RP
or is this some new dank meme I missed while I was away
>using the web 2.0 botnet
can be used to pinpoint user's country. That's it.
not using the best voice chat app I have ever come across for vidya. or maybe you have no friends to talk to
Enjoy your Facebook Messenger Gaymen Edition
No one who knows what they're talking about spells it that way.
At first I thought op was a troll but damn nobody can seem to dispute him. I guess JavaScript isn't that bad after all. It was just a boogeyman meme.
You idiot, it takes a vulnerability to expose you, not the use of JS. Otherwise it would have been off by default. The vulnerability could be inside JS engine or in other areas in the browser. JS could make exploiting those other vulnerabilities possible or easier (at least that was the case before).
im sure someone will drop an 0day just to prove you wrong, OP, faggot
It's Tor, and Tor wont stop you from having bad opsec or being an idiot, which is the #1 reason hidden services get shut down
>Can anyone show solid proof that JS will expose you?
Do you know what JS is?
Lel. Sure if you are a eurofag. Plenty of countries span more than one time zone. Even then it can be used to find the closest NTP server.
It does not need to be full exposure. It only need to track you even partially in order for a sane person to disable it.
Moreover most browser security issues are related to JS so this is a good reason by itself to disable it.
Anyhow, with js you can track the movements that one does with the mouse, tab focus, clicks, and many other things.
>Someone please pin this
???
>Chromium
Why? It's shit with a lot of tabs.
Also, why would you link it? Everyone here knows about it.
She was one of the people that were shitting on djb and were against appelbaum.
>Needs to be proven that it isn't safe. That's how everything works.
lie.
easily demonstrated lie, at that.
it's a security vector that's been exploited many times. The fact that they leave it enabled by default should tell you alot about them.
kys
Well, what are you waiting for? Go ahead and enable it while browsing sketchy .onion sites.
I'll see your news article on the DailyMail in approximately 2 months. Enjoy.
does my palm smell like strawberries to you?
most attacks on tor were done by idiots that logged in in sites like facebook and twitter. Just leave a honeypot server as an exit node open and you will get results. The thing is that social media idiots are not using always tor, so even with a warrant to an ISP or facebook you can cross reference IPs and identities
the freedom hosting takedown proved that js is insecure
if any of you retards stopped shitposting long enough to read one article then you would know this. a thread died just so someone could make a fool of himself
> duur huur, what is penetration testing
> oh we try to break things to prove they are 100% they are safe
are you dumb? just kill self. you can never prove anything non mathematical is 100% unbreakable.
been doing that for years and still out of the papers. only idiots who don't actually know the issue disable it to pretend they are safe. the most common attacks on deanonymising doesn't even involve JS!
Pretty dumb statement to counter his proposition cause you have all the tools available to you to provide a claim.
> being this retarded
Only users who did update were affected!
(you)
shit thread op
Checked
Why do people keep referring to TOR as a browser?
> Yeah I'm aware that stop selling alchool would significantly decrease death by car crashes.
> Yeah I'm aware than stop selling knifes would significantly decrease death by stab.
> Yeah I'm aware that stop allowing weapons would significantly decrease homicides.
> Yeah I'm aware than stop selling cars would significantly decrease car crashes.
Tor and Tor Browser are separate things.
Tor Browser is a fork of Firefox, that uses the Tor network by default, and which also has a great number of privacy changes.
Tor Browser is the recommended way to use Tor, and if you use Tor through a different network you may be compromising yourself by making yourself more trackable.
were not affected*